Join us in London for Infosecurity Europe June 2 – 4, 2026 | Booth C69 | Excel London | Get a FREE ticket
Components
Encryption
Dependencies
Geoprovenance
Licenses
Scanning
Semgrep
- POSTStandard health check endpoint to verify service availability and connectivity
- GETGet potential security issues associated with a single component This is the current method that accepts ComponentRequest for enhanced component identification Replaces the deprecated GetIssues method for single component queries
- POSTGet potential security issues associated with multiple components This is the current method that accepts ComponentsRequest for enhanced component identification Replaces the deprecated GetIssues method
Vulnerabilities
Get potential security issues associated with multiple components
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetIssues method
curl --request POST \
--url https://api.example.com/v2/semgrep/issues/components \
--header 'Content-Type: application/json' \
--data '
{
"components": [
{
"purl": "pkg:github/scanoss/engine@1.0.0"
},
{
"purl": "pkg:github/scanoss/scanoss.py@v1.30.0"
}
]
}
'{
"components": [
{
"purl": "pkg:maven/org.apache.commons/commons-lang3",
"version": "3.12.0",
"requirement": "3.12.0",
"files": [
{
"fileMD5": "a1b2c3d4e5f6",
"path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
"issues": [
{
"ruleID": "java.lang.security.audit.crypto.weak-hash",
"from": "156",
"to": "159",
"severity": "WARNING"
},
{
"ruleID": "java.lang.security.audit.sql-injection.sql-injection",
"from": "284",
"to": "286",
"severity": "ERROR"
}
]
},
{
"fileMD5": "b2c3d4e5f6a1",
"path": "src/main/java/org/apache/commons/lang3/Validate.java",
"issues": [
{
"ruleID": "java.lang.security.audit.hardcoded-secret",
"from": "95",
"to": "95",
"severity": "ERROR"
}
]
}
]
}
],
"status": {
"status": "SUCCESS",
"message": "Security analysis completed successfully"
}
}Semgrep
Get potential security issues associated with multiple components This is the current method that accepts ComponentsRequest for enhanced component identification Replaces the deprecated GetIssues method
POST
/
v2
/
semgrep
/
issues
/
components
Get potential security issues associated with multiple components
This is the current method that accepts ComponentsRequest for enhanced component identification
Replaces the deprecated GetIssues method
curl --request POST \
--url https://api.example.com/v2/semgrep/issues/components \
--header 'Content-Type: application/json' \
--data '
{
"components": [
{
"purl": "pkg:github/scanoss/engine@1.0.0"
},
{
"purl": "pkg:github/scanoss/scanoss.py@v1.30.0"
}
]
}
'{
"components": [
{
"purl": "pkg:maven/org.apache.commons/commons-lang3",
"version": "3.12.0",
"requirement": "3.12.0",
"files": [
{
"fileMD5": "a1b2c3d4e5f6",
"path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
"issues": [
{
"ruleID": "java.lang.security.audit.crypto.weak-hash",
"from": "156",
"to": "159",
"severity": "WARNING"
},
{
"ruleID": "java.lang.security.audit.sql-injection.sql-injection",
"from": "284",
"to": "286",
"severity": "ERROR"
}
]
},
{
"fileMD5": "b2c3d4e5f6a1",
"path": "src/main/java/org/apache/commons/lang3/Validate.java",
"issues": [
{
"ruleID": "java.lang.security.audit.hardcoded-secret",
"from": "95",
"to": "95",
"severity": "ERROR"
}
]
}
]
}
],
"status": {
"status": "SUCCESS",
"message": "Security analysis completed successfully"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
Use this file to discover all available pages before exploring further.
Body
application/json
Represents a list of software component to be analyzed by SCANOSS API services. Allows analysis of multiple software components in a single API call, improving performance over individual requests.
Represents a list of software component to be analyzed by SCANOSS API services. Allows analysis of multiple software components in a single API call, improving performance over individual requests.
Show child attributes
Show child attributes
Response
A successful response.
Components issue response data (JSON payload) Contains security issues detected by Semgrep analysis for multiple components. This is the current response format that replaces the deprecated SemgrepResponse.
Get potential security issues associated with a single component
This is the current method that accepts ComponentRequest for enhanced component identification
Replaces the deprecated GetIssues method for single component queriesGet vulnerability information for a single software component.
⌘I